B1WS-0984-08ENZ0(00) July 2015 FUJITSU Software Systemwalker Service Catalog Manager V15.4 Technology Provider's Guide

Trademarks

LINUX is a registered trademark of Linus Torvalds.

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Oracle, GlassFish, Java, and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle Corporation and/or its affiliates.

Apache Ant, Ant, and Apache are trademarks of The Apache Software Foundation.

UNIX is a registered trademark of the Open Group in the United States and in other countries.

Other company names and product names are trademarks or registered trademarks of their respective owners.

Copyright FUJITSU LIMITED 2015

All rights reserved, including those of translation into other languages. No part of this manual may be reproduced in any form whatsoever without the written permission of FUJITSU LIMITED.

High Risk Activity

The Customer acknowledges and agrees that the Product is designed, developed and manufactured as contemplated for general use, including without limitation, general office use, personal use, household use, and ordinary industrial use, but is not designed, developed and manufactured as contemplated for use accompanying fatal risks or dangers that, unless extremely high safety is secured, could lead directly to death, personal injury, severe physical damage or other loss (hereinafter "High Safety Required Use"), including without limitation, nuclear reaction control in nuclear facility, aircraft flight control, air traffic control, mass transport control, medical life support system, missile launch control in weapon system. The Customer shall not use the Product without securing the sufficient safety required for the High Safety Required Use. In addition, FUJITSU (or other affiliate's name) shall not be liable against the Customer and/or any third party for any claims or damages arising in connection with the High Safety Required Use of the Product.

Export Restrictions

Exportation/release of this document may require necessary procedures in accordance with the regulations of your resident country and/or US export control laws.

Contents

About this Manual

1 Introduction
1.1 The Technology Provider's Tasks in CT-MG
1.2 Preparing Applications for Usage in a SaaS Model
1.3 Overview of Integration Tasks
1.4 Accessing CT-MG

2 Access Types
2.1 Login Access
2.2 Direct Access
2.3 User Access
2.4 External Access

3 Integrating Applications with CT-MG
3.1 Implementing a Provisioning Service
3.2 Adapting the Login/Logout Implementation
3.3 Integrating with CT-MG Event Management
3.4 Implementing Technical Service Operations

4 Provisioning Applications as Services in CT-MG
4.1 Registering a Technical Service
4.2 Defining a Technical Service in an XML File
4.3 Appointing Suppliers for a Technical Service
4.4 Updating and Maintaining the Service Definition

5 Reporting

Appendix A Menu Options and User Roles

Appendix B Technical Service Definition XML File

Glossary

About this Manual

This manual describes the tasks of technology providers in order to prepare software applications for usage in a SaaS model and integrate them with FUJITSU Software Systemwalker Service Catalog Manager - hereafter referred to as Catalog Manager (CT-MG).

The manual is structured as follows:

Chapter: Description

Introduction on page 7: Explains how to prepare applications for SaaS and gives an overview of the integration tasks.

Access Types on page 14: Describes how users can access an application that is integrated with CT-MG.

Integrating Applications with CT-MG on page 21: Describes how to implement the interfaces between an application and CT-MG.

Provisioning Applications as Services in CT-MG on page 25: Describes how to register applications as services in CT-MG and appoint suppliers for them.

Reporting on page 29: Describes the reports available for technology providers in CT-MG.

Menu Options and User Roles on page 30: Gives an overview of the menu options relevant for technology providers.

Technical Service Definition XML File on page 31: Describes the elements of a technical service definition.

Readers of this Manual

This manual is directed to technology providers who are responsible for integrating applications with CT-MG.

This manual assumes that you are familiar with the following:

• CT-MG concepts as explained in the Overview manual
• Basic Web service concepts
• XML and the XSD language
• A programming language that can be used to create and invoke Web services, for example, Java
• Java, Java servlets, and Java server pages
• Installation and basic administration of Web servers

Notational Conventions

This manual uses the following notational conventions:

Add            The names of graphical user interface elements like menu options are shown in boldface.
init           System names, for example command names and text that is entered from the keyboard, are shown in Courier font.
<variable>     Variables for which values must be entered are enclosed in angle brackets.
[option]       Optional items, for example optional command parameters, are enclosed in square brackets.
one | two      Alternative entries are separated by a vertical bar.
{one | two}    Mandatory entries with alternatives are enclosed in curly brackets.

Abbreviations

This manual uses the following abbreviations:

APP      Asynchronous Provisioning Platform
CT-MG    Catalog Manager
IaaS     Infrastructure as a Service
PaaS     Platform as a Service
SaaS     Software as a Service
SAML     Security Assertion Markup Language
WSDL     Web Services Description Language
XSD      XML Schema Definition

Available Documentation

The following documentation on CT-MG is available:

• Overview: A PDF manual introducing CT-MG. It is written for everybody interested in CT-MG and does not require any special knowledge.

• Online Help: Online help pages describing how to work with the administration portal of CT-MG. The online help is intended for and available to everybody working with the administration portal.

• Installation Guide (GlassFish): A PDF manual describing how to install and uninstall CT-MG. It is intended for operators who set up and maintain CT-MG in their environment.

• Operator's Guide: A PDF manual for operators describing how to administrate and maintain CT-MG.

• Technology Provider's Guide: A PDF manual for technology providers describing how to prepare applications for usage in a SaaS model and how to integrate them with CT-MG.

• Supplier's Guide: A PDF manual for suppliers describing how to define and manage service offerings for applications that have been integrated with CT-MG.

• Reseller's Guide: A PDF manual for resellers describing how to prepare, offer, and sell services defined by suppliers.

• Broker's Guide: A PDF manual for brokers describing how to support suppliers in establishing relationships to customers by offering their services on a marketplace.

• Marketplace Owner's Guide: A PDF manual for marketplace owners describing how to administrate and customize marketplaces in CT-MG.

• Developer's Guide: A PDF manual for application developers describing the public Web service interface of CT-MG and how to integrate applications and external systems with CT-MG.

• ServerView Resource Orchestrator Integration (GlassFish): A PDF manual for operators describing how to offer and use virtual platforms and servers controlled by ServerView Resource Orchestrator through services in CT-MG.

• Amazon Web Services Integration (GlassFish): A PDF manual for operators describing how to offer and use virtual servers controlled by the Amazon Elastic Compute Cloud Web service through services in CT-MG.

• OpenStack Integration (GlassFish): A PDF manual for operators describing how to offer and use virtual systems controlled by OpenStack through services in CT-MG.

• Trusted Public S5 Integration (GlassFish): A PDF manual for operators describing how to offer and use virtual systems controlled by FUJITSU Cloud IaaS Trusted Public S5 through services in CT-MG.

• Systemwalker Runbook Automation Integration Guide: A PDF manual for operators describing how to offer and use automated operation processes of Systemwalker Runbook Automation through services in CT-MG.

• IaaS Integration Guide: A PDF manual for operators describing how to offer and use virtual systems on different platforms through services in CT-MG.

• Javadoc documentation for the public Web service interface of CT-MG and additional resources and utilities for application developers.

1 Introduction

Catalog Manager (CT-MG) is a set of services which provide all business-related functions and features required for turning on-premise software applications into Software as a Service (SaaS) offerings and using them in the Cloud. This includes ready-to-use account and subscription management, online service provisioning, billing and payment services, and reporting facilities.

With its components, CT-MG covers all the business-related aspects of a Platform as a Service (PaaS) or Cloud platform. It supports software vendors as well as their customers in leveraging the advantages of Cloud Computing.

The basic scenario of deploying and using applications as services in the CT-MG framework involves the following organizations:

• Technology providers (e.g. independent software vendors) technically prepare their applications for usage in the Cloud and integrate them with CT-MG. They register the applications as technical services in CT-MG.

• Suppliers (e.g. independent software vendors or sales organizations) define service offerings, so-called marketable services, for the technical services in CT-MG. They publish the services to a marketplace.

• Customers register themselves or are registered by an authorized organization in CT-MG and subscribe to one or more services. Users appointed by the customers work with the underlying applications under the conditions of the corresponding subscriptions.

• Marketplace owners are responsible for administrating and customizing the marketplaces to which services are published.

• Operators are responsible for installing and maintaining CT-MG.

In extended usage scenarios, the suppliers who define marketable services may involve additional users and organizations in offering and selling these services:

• Brokers support suppliers in establishing relationships to customers by offering the suppliers' services on a marketplace. A service subscription is a contract between the customer and the supplier.

• Resellers offer services defined by suppliers to customers applying their own terms and conditions. A service subscription establishes a contract between the customer and the reseller.


1.1 The Technology Provider's Tasks in CT-MG

As a technology provider, you own or develop applications which you intend to provide as services in the Cloud using CT-MG to cover the business-related functionality.

To achieve this goal, you perform the following basic tasks:

• Prepare your applications for usage in a SaaS model, taking into consideration aspects such as a remote interface, multi-tenancy, high scalability and availability, and security.
• Implement the technical interfaces for integrating the applications with CT-MG.
• Provision the applications as technical services in CT-MG.

As soon as a technical service is available in CT-MG, one or more suppliers appointed by you can define actual service offerings, so-called marketable services, for it. The suppliers (or brokers or resellers appointed by them) publish these services to a marketplace, where customers can subscribe to them.

CT-MG provides specific reports for technology providers. For example, you can retrieve information on the number of subscriptions for your services and on the usage and load of the underlying applications.

As a technology provider, you can also act as a customer in CT-MG. This means that you are automatically privileged to subscribe to services and work with the services you have subscribed to.

If you also need to perform supplier or marketplace owner tasks, your organization must be assigned the corresponding roles by the CT-MG operator.

1.2 Preparing Applications for Usage in a SaaS Model

An application that is to be offered in a SaaS model should take the following aspects into consideration:

Remote Interface

Your application should have a remote interface by which users can access it from anywhere in the Web (Internet/Intranet). This may be, for example, a Web user interface or a Web service.

Multi-Tenancy

Your application should have multi-tenancy capabilities, at least with respect to the management of data: The data of different customers or of different service subscriptions of a customer should be clearly separated from each other and only be accessible by the respective customer or subscription user.

In CT-MG, the term "instance" refers to what is provisioned for a tenant (customer or subscription) on the application side. Before integrating an application with CT-MG, you must decide what to consider an instance in the context of the application. Possible solutions range from using different workspaces in one data container over maintaining different databases to instantiating different virtual servers in an Infrastructure as a Service (IaaS) environment.

Also, you need to decide what you want to provision an instance for. The usual and recommended way is to provision one instance for each subscription:

In case your application runs in a stateless mode and there is no need to store any data, or in case you know that a customer will only use one subscription, you could use one instance for a customer or you could even use a single instance for all subscriptions of all customers:

High Scalability

The number of users, performance, and space requirements may differ to a great extent for each customer. Therefore, your application should provide for high scalability.

High Availability

Ideally, your application should be available 24x7. You may consider having your application hosted in a professional data center that takes care of non-stop operation, backup, data security, and regular maintenance.

Security

Consider the following security aspects when implementing your application: Web service calls between CT-MG and the application can be sent as plain text containing a user ID and password. For secure communication, the usage of certificates is recommended.

1.3 Overview of Integration Tasks

An application can be integrated with CT-MG components as shown in the following illustration. The CT-MG components are colored in dark grey:

Depending on your requirements, the integration involves the following tasks:

1. Decide how users access your application. Depending on the type of access, you need to consider different aspects for integration.
   Users may access an application directly or through CT-MG. When access occurs through CT-MG, user management and authentication are under full control of the CT-MG identity management, and price models on a per-user basis can be used.
   For details on access types, refer to Access Types on page 14.

2. Implement a provisioning service (optional).
   If an application is to integrate with the subscription management of CT-MG, it must provide a corresponding Web service (provisioning service). By the provisioning service, CT-MG triggers the application to provision and manage whatever is required for a subscription.
   For more details, refer to Implementing a Provisioning Service on page 21.

3. Adapt the application's login/logout implementation (optional).
   If an application is to be accessed through CT-MG, its login/logout implementation must be adapted. Depending on the access type, specific methods defined by the provisioning service must be implemented.
   For more details, refer to Adapting the Login/Logout Implementation on page 22.

4. Integrate with the CT-MG event management (optional, but recommended for fine-grained pay-per-use billing).
   The application can send events to the event management of CT-MG. Events can be used as a basis for price models, billing, and reporting.
   For more details, refer to Integrating with CT-MG Event Management on page 23.

5. Implement service operations (optional).
   The application can implement operations that can be executed from the CT-MG user interface. Service operations can be used to access the resources of the application and perform administrative tasks.
   For more details, refer to Implementing Technical Service Operations on page 23.

6. Provision your application as a service in CT-MG.
   To do so, you first have to register the application as a technical service with CT-MG, either via the CT-MG user interface or by preparing an XML service definition and importing it into CT-MG. Afterwards, you appoint suppliers for your services, who can then define service offerings.
   For details, refer to Provisioning Applications as Services in CT-MG on page 25.

1.4 Accessing CT-MG

You use the CT-MG user interface to perform some of your tasks. The role of your organization as a technology provider basically determines which features are available to you at the CT-MG user interface. The actions available to you as an individual user additionally depend on your user role within the organization.

CT-MG distinguishes between the following user roles within technology provider organizations:

• Administrator: Each technology provider organization must have at least one user with this role. An administrator can manage the organization's account and subscriptions as well as its users and their roles. The first administrator of an organization is defined when the organization is created.

• Technology manager: This role allows a user to define technical services in CT-MG.

To access the CT-MG user interface, you use the login information provided by CT-MG in the email confirming the creation of your user account. If your organization uses an external authentication system, passwords are managed in this system. This means that you log in with the password as stored in this system, and the email sent by CT-MG does not contain a password.

To log in to the administration portal where you will perform your tasks:

1. Click the link provided in the email, or type the access URL in your Web browser's address bar.
   The access URL has the following format:
   http://<server>:<port>/<context-root>

2. On the Login page, type your user ID and password.

3. Click Login, or press Return.

You are either logged in directly, or you are prompted to change your initial password when you log in for the first time. It is highly recommended to change the initial password.

If you try to log in with a wrong password, your account may be locked after the third attempt. This depends on whether your organization maintains its user data in an external authentication system. In this case, passwords can only be changed or reset in this system. If user data are maintained in the platform, contact your administrator who can reset your password. You will get a new temporary password for your next login.

If you have forgotten your password, click Forgot your password? on the Login page. This allows you to define a new password for your user ID. Defining a new password is not possible if your account is locked or if your organization maintains its user data in an external authentication system.

If you have forgotten your user ID, contact your administrator who can look up the IDs of all users registered for your organization.

If your session expires, you have to log in again.

2 Access Types

CT-MG offers various ways of integrating and accessing your application. The interaction takes place between the following components:

• The client which in fact is the user who accesses a service using a Web browser or a Web service
• CT-MG
• The application which is accessed by the user

There are some criteria to be considered before you decide to use a specific access type. The following decision diagram helps you in deciding which access type to use according to your environment and requirements:

The decision you make is reversible. If the basic requirements of your system are changing, you can, of course, also change the access type.

The access type determines

• whether your application uses CT-MG for user authentication and CT-MG forwards login information to your application (application login).
• whether your application needs to implement a provisioning service.

The following table provides an overview of the different access types and the available combinations:

* With user access, the application login can be controlled completely by the application, or SAML 1.1 can be used as a single sign-on mechanism for user authentication.

You define the desired access type when preparing a technical service definition for your application. If you opt for access through CT-MG (login access), you need to adapt the login/logout implementation in your application. Depending on the access type you choose, you must implement the methods defined by the provisioning service.

The following sections provide detailed information on the different access types. The sequence diagrams illustrate the interaction between the involved components. Arrows with solid lines represent messages requiring a response, arrows with dotted lines represent the response messages.

2.1 Login Access

With login access, CT-MG is involved during login.

User management and authentication are under full control of the CT-MG identity management, and price models on a per-user basis and corresponding billing services can be used.

After login, any interaction between the client and the application takes place directly and without CT-MG being involved.

The following figure shows the interaction between the client, CT-MG, and the application:

When a user logs in to CT-MG in order to use a service, he is authenticated by CT-MG and a CT-MG session is created. CT-MG creates a user token and returns it to the client together with a redirect to the application. The client, in turn, sends the login request with the user token to the application, which must be publicly visible. To be able to log the user in, the application sends a login request to CT-MG prompting for the user ID corresponding to the user token. Once the user ID is returned, the application needs to log the user in without requesting any further credentials. Users are trusted because they have been authenticated by CT-MG.

After login, any interaction takes place directly between the client and the application.

Note: Your application should provide some default content for the base URL, since this URL specifies the application's remote interface if a user is already logged in to CT-MG. The base URL is specified in the technical service definition (see Technical Service Definition XML File on page 31).

Logout

CT-MG needs to be notified by the application when a user logs out. The corresponding CT-MG user session is then closed and the session data is updated in the CT-MG database.

After logout, the application must redirect the user to its own logout page. The full URL of this page is returned by the deleteServiceSession method of the CT-MG session service.

Note: Users must not be redirected to the session after logout. Access to the application is no longer authorized because the CT-MG session has been closed.
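
The login access handshake and logout described in this section, modelled end to end as an added example that is not part of the original manual and is not CT-MG code. The class and method names, the usertoken query parameter, the single-use and short-lived token, and the example.org URLs are assumptions of the model; only the method name deleteServiceSession comes from the manual.

```python
# Model of CT-MG login access: token hand-off, token resolution, logout.
# Not CT-MG code; all names and token properties are illustrative assumptions.
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit


class SessionService:
    """Stand-in for the CT-MG side (identity management and session service)."""

    def __init__(self, logout_url, token_ttl=60.0, clock=time.monotonic):
        self.logout_url = logout_url
        self.token_ttl = token_ttl      # assumption: tokens are short-lived
        self.clock = clock
        self.sessions = {}              # session ID -> user ID
        self.tokens = {}                # user token -> (session ID, issue time)

    def login(self, user_id, base_url):
        """User was authenticated by CT-MG: open a session, mint a user
        token, and return the redirect to the application's base URL."""
        session_id = secrets.token_urlsafe(16)
        token = secrets.token_urlsafe(32)
        self.sessions[session_id] = user_id
        self.tokens[token] = (session_id, self.clock())
        return base_url + "?" + urlencode({"usertoken": token})

    def resolve_user_token(self, token):
        """Application -> CT-MG: which user does this token belong to?
        Returns (user ID, session ID) or None. The token is consumed."""
        entry = self.tokens.pop(token, None)    # assumption: single use
        if entry is None:
            return None
        session_id, issued = entry
        if self.clock() - issued > self.token_ttl:
            return None
        user_id = self.sessions.get(session_id)
        return None if user_id is None else (user_id, session_id)

    def delete_service_session(self, session_id):
        """Application -> CT-MG on logout: close the session and return the
        full URL of the logout page (modelled on deleteServiceSession)."""
        self.sessions.pop(session_id, None)
        return self.logout_url


class Application:
    """Stand-in for the integrated application."""

    def __init__(self, ctmg):
        self.ctmg = ctmg
        self.local = {}     # app session cookie -> (user ID, CT-MG session ID)

    def handle_login(self, url):
        """Client -> application: login request carrying the user token."""
        params = parse_qs(urlsplit(url).query)
        token = params.get("usertoken", [None])[0]
        # The identity comes only from CT-MG's answer; a user ID supplied in
        # the request itself is never used.
        resolved = self.ctmg.resolve_user_token(token) if token else None
        if resolved is None:
            return 403, None
        cookie = secrets.token_urlsafe(16)
        self.local[cookie] = resolved
        return 200, cookie

    def handle_request(self, cookie):
        """Client -> application after login: CT-MG is not involved."""
        entry = self.local.get(cookie)
        return (200, entry[0]) if entry else (401, None)

    def handle_logout(self, cookie):
        """Drop the local session, notify CT-MG, and redirect to the logout
        page it returns (not back into the session)."""
        entry = self.local.pop(cookie, None)
        if entry is None:
            return 401, None
        return 302, self.ctmg.delete_service_session(entry[1])


def demo():
    """Run one login/logout round trip with constructed sample values."""
    ctmg = SessionService("https://ctmg.example.org/logout")
    app = Application(ctmg)
    redirect = ctmg.login("alice", "https://app.example.org/")
    status, cookie = app.handle_login(redirect)
    return {
        "login": status,
        "user": app.handle_request(cookie),
        "replay": app.handle_login(redirect)[0],
        "no_token": app.handle_login("https://app.example.org/?userid=alice")[0],
        "logout": app.handle_logout(cookie),
        "after_logout": app.handle_request(cookie),
    }


if __name__ == "__main__":
    print(demo())
```

In the model, the application session ends as soon as the logout is processed, so a request with the old cookie is rejected rather than led back into the closed session.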

2.2 Direct Access

With direct access, users interact directly with the application.

As login is not carried out through CT-MG, there are no special requirements from CT-MG concerning the application's login/logout functionality. CT-MG has no information about the number and duration of user sessions. Therefore, price models on a per-user basis and corresponding billing services in CT-MG cannot be used.

The following figure shows the interaction between the client, CT-MG, and the application:

The client sends a user's login request directly to the application. The application authenticates the user, creates a session, and returns that session to the client. Any subsequent interaction also takes place directly between the client and the application.

The application needs to ensure that users are directed to the application instance that belongs to the relevant subscription in CT-MG. For Web applications, this could be achieved, for example, by configuring separate application URLs for the individual subscriptions. The relevant application URL can be included in the information which is returned to CT-MG when the instance for a new subscription is created.

2.3 User AccessWith user access, users interact directly with the application.However, a basic user management is still carried out in CT-MG, which means that thecorresponding methods of the provisioning service are called when assigning a user to a

Page 18: Technology Provider's Guide - Fujitsu€¦ · through services in CT-MG. • IaaS Integration Guide: A PDF manual for operators describing how to offer and use virtual systems on

2: Access Types

Technology Provider's Guide 18

subscription. Thus, price models on a per-user basis and corresponding billing services in CT-MGcan be used.The application login can either be controlled completely by the application, or you can use SAMLto provide a single sign-on mechanism. If you use SAML, the required authorization must beperformed by the application itself.

Access Without Single Sign-onUsers may interact directly with the application without involving CT-MG in any way.The following figure shows the interaction between the client, CT-MG, and the application:

The client sends a user's login request directly to the application. The application authenticatesthe user, creates a session, and returns that session to the client. Any subsequent interaction alsotakes place directly between the client and the application.The application needs to ensure that users are directed to the application instance that belongsto the relevant subscription in CT-MG. For Web applications, this could be achieved, for example,by configuring separate application URLs for the individual subscriptions. The relevant applicationURL can be included in the information which is returned to CT-MG when the instance for a newsubscription is created.

Access With Single Sign-on Using SAML

The Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between security domains, that is between an Identity Provider (a producer of assertions) and a Service Provider (a consumer of assertions). SAML assertions contain statements that Service Providers use to make access control decisions.

In CT-MG terms, the Identity Provider is CT-MG itself, the Service Provider is the application to be accessed. Authorization data are not exchanged.

For details on SAML, refer to the information on the relevant websites. CT-MG supports the SAML 1.1 standard.

The following figure shows the interaction between the client, CT-MG (Identity Provider), and the application (Service Provider):

The following steps are depicted in the figure above:

1. A user tries to access a resource of the application (Service Provider) integrated with CT-MG (Identity Provider).

2. The application requests the inter-site Transfer Service (SSO Service) of CT-MG:

   https://idp.example.org/TransferService?TARGET=<target>

   where <target> is the desired resource at the Service Provider.
   Be aware that the browser/POST profile does not specify how the URL to the Transfer Service (with the TARGET parameter) is obtained by the Service Provider. The Service Provider must be configured so that it can obtain the URL to the Transfer Service.

3. The inter-site Transfer Service determines whether the user has an existing logon security context. If this is not the case, CT-MG interacts with the client to prompt the user to provide valid credentials.

4. The user provides valid credentials and a local logon security context is created for him within CT-MG.

5. The inter-site Transfer Service returns an HTML document containing a FORM element, where the TARGET parameter of step 2 has been preserved. The value of the SAMLResponse parameter is the base64 encoding of a SAML Response element. The SAML Response is digitally signed by the Identity Provider. This signature contains the public certificate to be used for validating the signature value.
   It is assumed that the Service Provider has already established a security context at the Identity Provider, otherwise the inter-site Transfer Service is unable to provide an authentication statement in the SAML Response element.

6. The Identity Provider requests the Assertion Consumer Service at the Service Provider, where the values of the TARGET and SAMLResponse parameters are taken from the HTML form created in step 5.

7. The Assertion Consumer Service consumes the SAML Response element and creates a local security context at the Service Provider. The Service Provider must take care of validating the SAML Subject identifying the user and perform the required authorization. If the validation is successful and the user is allowed to access the application, the Service Provider redirects the client to the target resource.

After login, any interaction takes place directly between the client and the application.

Note: Your application should provide some default content for the base URL, since this URL specifies the application's remote interface if a user is already logged in to CT-MG. The base URL is specified in the technical service definition (see Technical Service Definition XML File on page 31).

In order for your application to use CT-MG as Identity Provider, you must observe and take care of the following:

• Your application must support SAML 1.1. For example, the authentication ID passed with the SAML request (see below) must conform to the SAML 1.1 standard.

• The SAML request your application sends as HTTP redirect response to the inter-site Transfer Service of CT-MG contains the following parameters:
  • ACS: URL of the Service Provider Assertion Consumer Service
  • TARGET: Target URL of the requested resource
  • authID: Authentication ID for the SAML request

  Example:

  https://myserver.example.com/fujitsu-bss-portal/saml/identityProvider.jsf?ACS=http%3A%2F%2Fmyapp.info%2Fcom.myplace.sso.POSTProfileGateway.wcp&TARGET=http://user.myapp.info/olc/&authID=63f1848a-699a-11e0-f029-2871ec2d5

• The Service Provider Assertion Consumer Service must be able to validate the digitally-signed assertion returned by the inter-site Transfer Service of CT-MG.
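The following Python code is an added example, not part of the original guide or of CT-MG: it shows the checks an Assertion Consumer Service applies to the posted SAMLResponse in steps 5 to 7. Because the signature carries its own certificate, that certificate is first matched against a fingerprint configured at the Service Provider. The verify_signature hook (standing for an XML signature library), the pinned fingerprint, the origin check on TARGET, and the sample response are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlsplit

NS = {
    "samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


class Rejected(Exception):
    """The posted SAMLResponse must not create a local security context."""


def fingerprint(cert_der):
    return hashlib.sha256(cert_der).hexdigest()


def _time(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def consume(saml_response_b64, target, pinned_fp, sp_origin, verify_signature, now):
    """Return (user id, target) or raise Rejected.

    verify_signature(raw_xml, cert_der) -> bool is a hypothetical hook for an
    XML signature library; it must confirm that the signature covers the
    Response element parsed here.
    """
    raw = base64.b64decode(saml_response_b64, validate=True)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise Rejected("DTDs are not accepted in a SAML response")
    root = ET.fromstring(raw)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise Rejected("not a SAML 1.x Response")

    # The embedded certificate is attacker-supplied data until it is matched
    # against the certificate the Service Provider was configured to trust.
    cert = root.find("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is None or not cert.text:
        raise Rejected("Response carries no signing certificate")
    cert_der = base64.b64decode("".join(cert.text.split()))
    if not hmac.compare_digest(fingerprint(cert_der), pinned_fp):
        raise Rejected("signing certificate is not the pinned CT-MG certificate")
    if not verify_signature(raw, cert_der):
        raise Rejected("signature does not verify")

    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value", "").split(":")[-1] != "Success":
        raise Rejected("status is not Success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise Rejected("expected exactly one assertion")
    cond = assertions[0].find("saml:Conditions", NS)
    try:
        valid = _time(cond.get("NotBefore")) <= now < _time(cond.get("NotOnOrAfter"))
    except (AttributeError, TypeError, ValueError):
        valid = False
    if not valid:
        raise Rejected("assertion is outside its validity window")
    name = assertions[0].find(
        "saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier", NS)
    if name is None or not (name.text or "").strip():
        raise Rejected("no subject to authorize")

    # Step 7 redirects the client to TARGET, so it must stay on this application.
    t = urlsplit(target)
    if (t.scheme, t.netloc) != urlsplit(sp_origin)[:2]:
        raise Rejected("TARGET is outside the Service Provider")
    return name.text.strip(), target


def build_sample(cert_der, user="constructed-user"):
    """Constructed SAML 1.1 Response for the demo; its signature value is a dummy."""
    xml = (
        '<samlp:Response xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s" xmlns:ds="%(ds)s">'
        '<ds:Signature><ds:SignatureValue>ZHVtbXk=</ds:SignatureValue><ds:KeyInfo>'
        '<ds:X509Data><ds:X509Certificate>%(cert)s</ds:X509Certificate></ds:X509Data>'
        '</ds:KeyInfo></ds:Signature>'
        '<samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>'
        '<saml:Assertion><saml:Conditions NotBefore="2015-07-01T10:00:00Z"'
        ' NotOnOrAfter="2015-07-01T10:05:00Z"/><saml:AuthenticationStatement>'
        '<saml:Subject><saml:NameIdentifier>%(user)s</saml:NameIdentifier></saml:Subject>'
        '</saml:AuthenticationStatement></saml:Assertion></samlp:Response>'
    ) % dict(NS, cert=base64.b64encode(cert_der).decode(), user=user)
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    cert = b"constructed bytes standing in for the CT-MG certificate (DER)"
    accept_all = lambda raw, der: True  # demo stand-in: the sample is not really signed
    print(consume(build_sample(cert), "http://user.myapp.info/olc/", fingerprint(cert),
                  "http://user.myapp.info", accept_all,
                  datetime(2015, 7, 1, 10, 2, tzinfo=timezone.utc)))
```

The returned user ID is only the input to the application's own authorization decision, which the guide leaves to the Service Provider.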

2.4 External Access

With external access, users can access an application directly after subscribing to a corresponding service. The users are redirected immediately to the application. The URL leading to the application is specified in the technical service definition.

Any further interaction takes place directly between the client and the application without involving CT-MG in any way.


3 Integrating Applications with CT-MG

Integrating an application with CT-MG involves the following implementation tasks:
• Implement a provisioning service
• Adapt the login/logout implementation
• Integrate the application with the CT-MG event management
• Implement service operations

These tasks are described in detail in the sections below.

To help you perform these tasks, the CT-MG integration package (fujitsu-bss-integration-pack.zip file) with the following artifacts is shipped and provided with CT-MG:
• Web service specifications as Javadoc
• WSDL and XSD files
• Java archives with resources required for implementing the necessary Web services

The following Web services and utilities are shipped for public use with CT-MG:
• Platform services
• Provisioning API for implementing a provisioning service
• Notification API for implementing a notification service
• Operation API for implementing service operations

For a detailed description of the Web services and the usage of the utilities, refer to the Developer's Guide.

Prerequisites

Integrating applications with CT-MG involves several interfaces for communication between the CT-MG platform and the technical service or application. The communication takes place in two directions: Calls from the application to CT-MG (inbound calls) as well as calls from CT-MG to the application (outbound calls). For inbound calls, the application must implement a client; for outbound calls, the application must provide a server.

Before you begin, make sure that the following prerequisites are met:
• The application to be integrated is installed and operational.
• An application server is installed and operational.
• You have access to the CT-MG integration package.

3.1 Implementing a Provisioning Service

As a first integration step, you implement a so-called provisioning service that exposes its operations as a Web service. A provisioning service is required for integrating an application with the subscription management of CT-MG. The provisioning service is called by CT-MG when customers subscribe to a service and manage their subscriptions. Additionally, the provisioning service may be called for creating and managing users.

You do not need to implement a provisioning service if you have chosen to use the external access type. For details on access types, refer to Access Types on page 14.

For the implementation of a provisioning service, you need to consider the following:

• Instance provisioning
  When a customer subscribes to a service, the underlying application is supposed to perform specific steps required for the subscription and return an identifier to CT-MG for future reference. The term 'instance' denotes all the items that the application has provisioned for a subscription.
  The actions to be performed and the items to be created, if any, depend entirely on the concepts and functionality of your application. For example, if a customer creates and stores data when using your application, your application may create a separate workspace in a data container or a separate database instance.

• Provisioning mode
  Instance provisioning can be performed in synchronous or asynchronous mode.
  Synchronous mode is used if provisioning can be completed right away. The provisioning service triggers the application to perform all the required actions and confirms the operation as complete. CT-MG then sets the subscription to active, which means that the service is ready to be used by the customer.
  Asynchronous mode is used if provisioning operations take a long time because long-running processes or manual steps are involved, or when huge amounts of data or virtual machines need to be set up. In this case, the provisioning service notifies CT-MG that the provisioning is pending. Required actions may have started on the application side, but have not been completed yet. The provisioning service needs to notify CT-MG using the subscription management service when provisioning is either complete or cannot be completed.
  CT-MG supports the development of asynchronous provisioning services with the asynchronous provisioning platform (APP). This is a framework which provides a provisioning service as well as functions, data persistence, and notification features which are always required for integrating applications in asynchronous mode. The framework, samples, and documentation are provided in the integration package for asynchronous provisioning (fujitsu-bss-integration-app-pack.zip file).

• Application parameters
  An application may have parameters that are of relevance for the service provisioning in CT-MG. Parameters can be used to define different feature configurations or service restrictions, for example, the maximum number of folders, files, or objects that can be created. Application parameters are specified in the technical service definition.
  CT-MG can pass parameters to your application through the instance provisioning call. Any further processing must be carried out by your application. Especially if parameters are used to impose restrictions on service usage, the application needs to ensure that the restrictions are met. For example, if there is a parameter to restrict the maximum number of files created for a subscription, the application needs to track the actual number and ensure that the maximum number is not exceeded.
  For details on how to define parameters in the technical service definition, refer to Technical Service Definition XML File on page 31.

• User management
  If users access your application through CT-MG, you need to implement user management operations. These operations are called when users are assigned to or deassigned from a subscription in CT-MG, or when user profiles are updated. Your application may take corresponding actions, for example, create corresponding user accounts in its own user management system.

For details on how to implement a provisioning service, refer to the Developer's Guide.


3.2 Adapting the Login/Logout Implementation

If you opt for access through CT-MG (login access), you need to adapt the login/logout implementation of your application to pass the control and authentication of users from the application to CT-MG, and implement the relevant methods defined by the provisioning service.

The required functionality for login and logout is distributed between a token handler, a custom login module, a custom logout module, and a logout listener:

• The token handler is responsible for requesting CT-MG to resolve a user token into a user ID. It takes up the task of creating a session object and storing the user ID in that object. Additionally, it forwards requests containing a resolved user token to the custom login module.

• The custom login module passes the user ID to the application. It enables users to log in to the application without requesting any further credentials. Users are trusted because they have already been authenticated by CT-MG. For example, a custom login module might pass the user ID and a default password to the application.
  To ensure that any login takes place through CT-MG, the direct login to your application must be bypassed. For this purpose, you have to implement the required interface methods between the application and CT-MG.

• The custom logout module closes user sessions on the application side and redirects users to the logout page of CT-MG. The URL of the logout page is returned to the application by the deleteServiceSession method of the CT-MG session service.

• The logout listener notifies CT-MG when a user logs out or a session timeout occurs.

For details on how to adapt the login/logout implementation, refer to the Developer's Guide.

3.3 Integrating with CT-MG Event Management

The event management service in CT-MG collects specific events generated during application operation. These events can be used for price models, billing, and reporting. Examples of events are the completion of a specific transaction, or the creation or deletion of specific data.

Your application can send events to CT-MG at runtime through the event management service, which is one of the CT-MG platform services.

To integrate with CT-MG event management:

1. If your application does not generate the required events yet, implement the generation of events.

2. Implement the sending of events to CT-MG.
   For details, refer to the Developer's Guide.

3. When preparing the technical service definition, declare the events that your application will send.
   For details on the technical service definition, refer to Technical Service Definition XML File on page 31.

3.4 Implementing Technical Service Operations

You may want your technical service to offer additional operations or functions that are accessible via the CT-MG user interface. In a SaaS environment, applications are not installed locally but provisioned as services. Therefore, users cannot access the system resources the applications are using, for example, to perform administrative tasks such as system backup or shutdown. Technical service operations can be used to access the resources of an application and perform administrative tasks without actually opening the application.

To provide technical service operations, a Web service based on the operation service API must be implemented. The operations, their parameters, and the access information of the Web service must be specified in the technical service definition for the application. Refer to Technical Service Definition XML File on page 31 for details.

For details on how to implement a Web service with technical service operations, refer to the Developer's Guide.


4 Provisioning Applications as Services in CT-MG

After the required adaptations of your application are finished, you register your application as a technical service in CT-MG.

There are two possibilities for achieving this task:

1. If the application does not provide any parameters, options, roles, events, or operations, register the application as a technical service using the CT-MG user interface. Here, you can define the basic features for the technical service you want to provide.

2. If an application is more complex and provides parameters, options, etc., create an XML file containing the technical service definition and import this file into CT-MG.

The figure below provides an overview of the two possibilities:

Possibility 1 consists of registering the application and then updating the service definition. Possibility 2 consists of creating an XML file and importing this file into CT-MG.

You can also combine both ways. For example:
1. Register the service using the CT-MG user interface.
2. Export the service definition and save it to an XML file.
3. Edit the XML file: Specify descriptions, license information, parameters, options, events, roles, operations, etc.
4. Import the XML file into CT-MG again.


After registering your application as a technical service, you need to appoint suppliers for it in CT-MG so that marketable services can be defined and published.

The following sections describe the individual steps in detail.

4.1 Registering a Technical Service

By registering an application as a technical service, you make it available in CT-MG.

To register a technical service:
1. Log in to the CT-MG administration portal using the login information provided by CT-MG.
2. Do one of the following:
   • Select Technical Service > Register service definition, and fill in the fields as desired.
   • Select Technical Service > Import service definition, and import the XML file containing your service definition.
     For details on how to create a technical service definition, refer to Defining a Technical Service in an XML File on page 26.

4.2 Defining a Technical Service in an XML File

You can define a technical service in an XML file. The file contains a description of the service's purpose, the license agreement, application parameters, options, events, service roles, and operations.

A service definition must conform to the TechnicalServices.xsd XML schema. For detailed information on the elements and attributes, refer to Technical Service Definition XML File on page 31.

To prepare a service definition in an XML file:

1. Create an XML file according to the TechnicalServices.xsd XML schema, and save it under a name of your choice, for example, ServiceDefinition.xml.

2. In the TechnicalService section of the file, specify at least the following information:
   • id
   • accessType
   • provisioningType (if not specified, instance provisioning is performed in synchronous mode)
   • provisioningUrl (optional for external access, otherwise required)

3. If you have configured basic user authentication (authentication without certificates), specify the following information, since CT-MG is the only application allowed to access your provisioning service:
   • provisioningUserName
   • provisioningPassword

4. Do one of the following:
   • If users log in directly to your application (user or direct access), describe how to access the application using the accessInfo element.
   • Fill in the baseUrl attribute (mandatory for login and external access).
   • If login is performed through CT-MG (login access), fill in the loginPath attribute.

5. If there are any parameters that are to be passed to your application by an instance provisioning call, declare them in the ParameterDefinition sections.

6. If your application sends events to CT-MG, declare all the events in the Event sections.

7. If you want to define your own service roles, declare them in the Role sections.

8. If you want to allow users to invoke specific operations on your technical service, declare the operations in the Operation sections.
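The following Python code is an added example, not part of the guide or of the CT-MG tooling: it applies the attribute rules this guide states for the TechnicalService element to a definition file before import. The sample definition is constructed and not validated against the schema, elements are matched by local name, the upper-case value ASYNCHRONOUS for provisioningType is an assumption, and the domain name rules are applied to each dot-separated label of the baseUrl host.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ACCESS_TYPES = {"DIRECT", "LOGIN", "USER", "EXTERNAL"}
# Letters, digits, hyphens; starts with a letter, ends with a letter or digit; max 63.
LABEL = re.compile(r"^[A-Za-z](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def host_findings(attr, url):
    """Apply the guide's domain name rules to the host part of a URL."""
    host = urlsplit(url).hostname
    if not host:
        return [f"{attr}: no host in URL"]
    try:
        ipaddress.ip_address(host)  # IP literals are not domain names
        return []
    except ValueError:
        pass
    return [f"{attr}: host label '{label}' breaks the domain name rules"
            for label in host.rstrip(".").split(".") if not LABEL.match(label)]


def lint_service(attrs):
    """Return a list of findings for the attributes of one TechnicalService."""
    findings = []
    access = attrs.get("accessType", "")
    asynchronous = attrs.get("provisioningType", "").upper() == "ASYNCHRONOUS"
    if not attrs.get("id"):
        findings.append("id: required")
    if access not in ACCESS_TYPES:
        findings.append("accessType: required, one of " + ", ".join(sorted(ACCESS_TYPES)))

    prov_url = attrs.get("provisioningUrl")
    if not prov_url and access != "EXTERNAL":
        findings.append("provisioningUrl: required unless accessType is EXTERNAL")
    if prov_url:
        https = urlsplit(prov_url).scheme.lower() == "https"
        if asynchronous and not https:
            findings.append("provisioningUrl: asynchronous provisioning needs HTTPS")
        # Hardening check added here, not a rule from the guide: basic
        # authentication over plain HTTP exposes the password in transit.
        if "provisioningPassword" in attrs and not https:
            findings.append("provisioningPassword: sent over a non-HTTPS provisioningUrl")

    base_url = attrs.get("baseUrl")
    if access in {"LOGIN", "EXTERNAL"} and not base_url:
        findings.append("baseUrl: required for LOGIN and EXTERNAL access")
    if base_url:
        findings += host_findings("baseUrl", base_url)

    login_path = attrs.get("loginPath")
    if access == "LOGIN" and not login_path:
        findings.append("loginPath: required for LOGIN access")
    if login_path and not login_path.startswith("/"):
        findings.append("loginPath: must start with /")
    return findings


def lint_definition(xml_text):
    """Return {service id: [findings]} for every TechnicalService element."""
    root = ET.fromstring(xml_text)
    return {el.get("id", "<no id>"): lint_service(el.attrib)
            for el in root.iter() if el.tag.rsplit("}", 1)[-1] == "TechnicalService"}


# Constructed sample: one clean service, one with four problems, one EXTERNAL.
SAMPLE = """<TechnicalServices>
  <TechnicalService id="good" accessType="LOGIN" provisioningType="SYNCHRONOUS"
      provisioningUrl="https://myserver.example.com/prov?wsdl"
      baseUrl="http://myserver:7777/myservice" loginPath="/login"/>
  <TechnicalService id="bad" accessType="LOGIN" provisioningType="ASYNCHRONOUS"
      provisioningUrl="http://prov.example.com/prov?wsdl"
      provisioningPassword="constructed-secret"
      baseUrl="http://my_server-/app" loginPath="login"/>
  <TechnicalService id="ext" accessType="EXTERNAL" baseUrl="http://192.0.2.10/app"/>
</TechnicalServices>"""

if __name__ == "__main__":
    for service, findings in lint_definition(SAMPLE).items():
        print(service, "OK" if not findings else findings)
```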

4.3 Appointing Suppliers for a Technical Service

After registering a technical service either by importing the technical service definition XML file or by providing the required information at the user interface, you appoint one or more suppliers for it. Suppliers are the companies, departments, or people who offer your technical service as marketable services. Your organization may act as a supplier of its own, if it is granted the corresponding role by the CT-MG operator.

To appoint suppliers:
1. Log in to the CT-MG administration portal using the login information provided by CT-MG.
2. Select Account > Manage suppliers and select the technical service for which you want to appoint a supplier.
3. Specify the organization ID of the supplier to be appointed and click Add.
   You can only specify suppliers that have previously been registered by the CT-MG operator. You can obtain the organization IDs from your suppliers.

The suppliers can now start defining marketable services for the technical services they are appointed for. These can be different editions of the technical services with individual price models, configurations, upgrade options, and restrictions.

You can also delete suppliers from the list of appointed suppliers. If customer subscriptions exist for the marketable services of a supplier, a corresponding message is displayed. It lists the instance IDs of the underlying application instances. If you want to view the instance IDs for your technical services, you can create an instance report.

4.4 Updating and Maintaining the Service Definition

You can update the descriptive texts and the license agreement text for a technical service either by editing the XML service definition file, or, in a more convenient way, at the CT-MG user interface. The changes are effective for all newly defined marketable services based on this technical service.

To update the texts for the technical service in CT-MG:
1. Log in to the CT-MG administration portal using the login information provided by CT-MG.
2. Select Technical Service > Update service definition, and edit the texts as desired.

You can also update an existing technical service by editing the technical service definition and importing it again:
1. Log in to the CT-MG administration portal using the login information provided by CT-MG.
2. Select Technical Service > Import service definition.

Observe the following:

• If there is no marketable service based on the technical service, you can change all properties of the technical service.

• If there is a marketable service based on the technical service, you cannot:
  • Change parameters and their options
  • Change event types
  • Remove parameters, options, or event types

• Roles cannot be removed if prices are defined for them or users having one of the roles are assigned to a related subscription.

You can also delete an existing technical service. If marketable services exist for the technical service, and if there are active subscriptions, it cannot be deleted. The technical service definition XML file is not deleted physically, and you can import it again on demand.

To delete a technical service:
1. Log in to the CT-MG administration portal using the login information provided by CT-MG.
2. Select Technical Service > Delete service definition.


5 Reporting

CT-MG offers comprehensive reports for different purposes and at different levels of detail. You can choose from various predefined reports.

The following reports are available for technology providers:

• Technical service usage report: Shows all technical services of a technology provider, including the type and number of the events that were collected during the usage of the services.

• Supplier report: Shows the suppliers registered by a technology provider for the technical services, and lists the marketable services which the suppliers have defined based on the technical services.

• Subscription report: Shows the marketable services suppliers created based on the technical services of the technology provider, and the number of subscriptions to the marketable services.

• Instance report: Shows all application instances of the technology provider's technical services and their configuration (parameters and values).

Use the Create report menu option in the Account menu of the CT-MG user interface and choose the desired report. Depending on the report type, you might have to enter additional report parameters.

The generated report is instantly displayed at the CT-MG user interface. You can choose to print the report or save it in several formats.

Note: Contact your platform operator if the reporting functionality is not available. He is responsible for defining the respective configuration parameters.


Appendix A: Menu Options and User Roles

This appendix provides an overview of the user roles required for using the menu options at the CT-MG administration portal which are of relevance to a technology provider. For details on the menu options, refer to the Online Help.

Account Menu

The following user roles are required for using the menu options in the Account menu:

• Edit profile: Any user role
• Import users (if the organization uses LDAP-based user authentication): Administrator
• Change password (if the organization does not use LDAP-based user authentication): Any user role
• Register new users (if the organization does not use LDAP-based user authentication): Administrator
• Manage users: Administrator
• LDAP settings (if the organization uses LDAP-based user authentication): Administrator
• Create report: Administrator
• Process triggers: Administrator
• Manage processes (if the organization is connected to an external process control system): Any user role
• Manage suppliers: Technology manager

Technical Service Menu

The following user roles are required for using the menu options in the Technical service menu:

• Register technical service: Technology manager
• Import technical service: Technology manager
• Update technical service: Technology manager
• Export technical service: Technology manager
• Delete technical service: Technology manager


Appendix B: Technical Service Definition XML File

A service definition contains the information required to register an application as a technical service in CT-MG. It is specified in an XML file which needs to conform to the TechnicalServices.xsd XML schema.

This section describes the meaning of the elements and attributes that can be defined. For information on the syntax, refer to the TechnicalServices.xsd schema.

TechnicalServices

Top-level element of a service definition file.

TechnicalService

Contains all the information required to register an application as a technical service in CT-MG.

Attributes:

• id - ID of the application (required).
  The id is the key that uniquely identifies your application as a technical service. The ID must be unique across all your applications registered as technical services.

• build - Build number of the application (optional).
  You can use this number to specify the build number or patch level of the application underlying the technical service.

• provisioningType - Specifies whether instance provisioning is performed in synchronous or asynchronous mode (optional). The default is synchronous mode.
  For details on provisioning modes, refer to Implementing a Provisioning Service on page 21.

• provisioningTimeout - Specifies the time in milliseconds after which an asynchronous provisioning operation is considered to have failed (optional). By default, no timeout occurs.

• provisioningUrl - URL of the WSDL document that defines the provisioning service you implemented for your application (optional for the EXTERNAL access type, otherwise required).
  Be aware that for asynchronous provisioning, you need to use the HTTPS protocol.

• provisioningVersion - Version number of your provisioning service (optional).

• provisioningUsername - Name of the user who is authorized to access the provisioning service (optional).
  Only required if you secure your provisioning service by basic user authentication (authentication with user ID and password without certificates). Basic user authentication must ensure that the provisioning service can be called by CT-MG only.
  For details on securing the communication between CT-MG and the provisioning service and for details on authentication methods, refer to the Developer's Guide.

• provisioningPassword - Password of the user specified in provisioningUserName (optional).

• accessType - Specifies how users access your application (required).
  Use DIRECT if users log in directly to your application without involving CT-MG.
  Use LOGIN if users log in to your application through CT-MG. Subsequent interactions take place directly between the client and the application without involving CT-MG.
  Use USER if the user-specific methods of the provisioning service should be used. With this access type, the application login can be controlled completely by the application, or SAML can be used as a single sign-on mechanism.
  Use EXTERNAL if users should be able to access an application directly via the URL specified in the baseUrl attribute. The application ID (id attribute) is appended to the URL when accessing the service.
  For details on access types, refer to Access Types on page 14.

• baseUrl - URL of the remote interface of your application. Users are forwarded to this URL for service access.
  Required for the LOGIN and EXTERNAL access type. For the EXTERNAL access type, you specify the external URL here. In the sample below (baseUrl="http://myserver:7777/myservice"), your Web application is running on myserver at port 7777.
  Optional for the DIRECT and USER access type. At the CT-MG administration portal, a marketplace owner can define featured services for his marketplace home page. If a marketplace owner decides to display services and subscriptions grouped by category on his home page, the specification of the baseUrl is recommended. It allows the home page visitor to directly use the service if his organization has subscribed to it.
  Your application should provide some default content for the base URL, since this URL specifies the application's remote interface.
  Be aware that internet domain names must follow the following rules:
  • They must start with a letter and end with a letter or number.
  • They may contain letters, numbers, or hyphens only. Special characters are not allowed.
  • They may consist of a maximum of 63 characters.

• loginPath - Path to the token handler, a module of your application that handles login requests containing a user token (optional). Required for the LOGIN access type.
The path must be relative to the URL specified as baseUrl and start with a /.

• onlyOneSubscriptionPerUser - Defines whether an organization can subscribe only once to a service. Can be set to true or false. If set to false (default), an organization can subscribe to several marketable services based on your technical service. If set to true, an organization can subscribe to one marketable service based on your technical service only. In this case, the supplier can still define several marketable services, but as soon as a customer subscribes to one of these services, the other marketable services will no longer be available to him for subscription.
At the CT-MG administration portal, a marketplace owner can define featured services for his marketplace home page. If a marketplace owner decides to display services and subscriptions grouped by category on his home page, it is recommended that you set onlyOneSubscriptionPerUser to true. This allows the home page visitor to start using the service directly from the marketplace home page without the need to select the subscription from the list of existing subscriptions.

• allowingOnBehalfActing - Defines whether an organization can act on behalf of another organization. Can be set to true or false (default). If set to true, an organization with the technology provider and the supplier role can act in CT-MG on behalf of a customer organization. This is achieved via a customer's subscription whose underlying technical service has the allowingOnBehalfActing attribute set to true.


Example:

<TechnicalService accessType="LOGIN"
  baseUrl="http://myserver:7777/myservice"
  build="25.01.2010"
  id="SampleService"
  loginPath="/login"
  provisioningType="SYNCHRONOUS"
  provisioningUrl="http://myserver:8090/axis/services/MyProvisioningService?wsdl"
  onlyOneSubscriptionPerUser="false">

AccessInfo
Only required for the DIRECT or USER access type.
Contains a textual description of how users can access your application in the language specified by the locale attribute. The access information may consist of up to 4096 characters. The description is required because users do not access the application through CT-MG.
For example, if your application has a Web user interface, you could provide some introductory text and the URL of the login page.
The description is displayed at the CT-MG user interface and included in the email that is sent to users of services based on your technical service. The description can be specified for multiple languages. Make sure that you always specify the access information at least for the default language, English (locale=en). This is also used for any language for which no separate text has been stored.
Attribute:
locale - Locale code, for example en for English or en-US for English - United States.

LocalizedDescription
Contains a description of the item's purpose in the language specified by the locale attribute. Can be specified for multiple languages.
LocalizedDescription elements are contained in the following elements:
• TechnicalService

At the CT-MG user interface, the service description is visible to you as the technology provider and to any supplier, reseller, or broker who sells your service.

• ParameterDefinition

At the CT-MG user interface, the parameter description is visible to you as the technology provider, to any supplier, reseller, or broker who sells your service, and to the customers subscribing to the service.

• Event

At the CT-MG user interface, the event description is visible to you as the technology provider, to any supplier, reseller, or broker who sells your service, and to the customers subscribing to the service.

• Role

At the CT-MG user interface, the role description is visible to you as the technology provider and to any supplier, reseller, or broker who sells your service.

• Operation


At the CT-MG user interface, the operation description is visible to you as the technology provider when updating the technical service definition and to customers when they select an operation to be executed for your service.

Attribute:
locale - Locale code, for example en for English or en-US for English - United States.
Example:

<LocalizedDescription locale="en"> Our Service supports you in ... </LocalizedDescription>

LocalizedLicense
Contains the license agreement for the customer in the language specified by the locale attribute. Can be specified in multiple languages.
At the CT-MG user interface, the license agreement is visible to you as the technology provider, to any supplier, reseller or broker who sells your service, and to the customers subscribing to your service. It can be changed by suppliers and resellers.
Attribute:
locale - Locale code, for example en for English or en-US for English - United States.
Example:

<LocalizedLicense locale="en"> Please read this software license agreement ... The license terms are applied for the concession of the rights ... </LocalizedLicense>

LocalizedTag
Contains tags (search terms) to be associated with the technical service in the language specified by the locale attribute. Can be specified in multiple languages.
At the CT-MG administration portal, the tags are visible to you as the technology provider. On a marketplace, customers can use the tags to search for marketable services based on the technical service, provided that the tag display is enabled for the marketplace by the marketplace owner.
You can enter up to five terms, separated by commas. The tags are not case-sensitive. They must not consist of more than 20 characters.
Attribute:
locale - Locale code, for example en for English or en-US for English - United States.
Example:

<LocalizedTag locale="en"> Documentation </LocalizedTag>

LocalizedName
Contains the name of a service role, operation, or operation parameter in the language specified by the locale attribute. Can be specified for multiple languages.
At the CT-MG user interface, the role name is visible to you as the technology provider, to any supplier, reseller, or broker who sells your service, and to the customers when they assign users to subscriptions. The operation and operation parameter name is visible to customers when they start to use your service and to you as the technology provider when updating the technical service definition.
Attribute:
locale - Locale code, for example en for English or en-US for English - United States.

ParameterDefinition
Declares a parameter that is passed to your application during instance provisioning.
Suppliers can use parameters to make different values available to customers as different options, for example, different feature configurations or service restrictions. For parameters of type ENUMERATION, you can define specific options. For example, for a MEMORY_STORAGE parameter that may take a value of 1 GB, 2 GB, or 4 GB, you could define three options: one for minimum space, one for medium space, and one for maximum space. The options are available to a supplier when defining a price model; a customer can choose between the options when subscribing to a service.
CT-MG passes all parameters that you declare in the service definition to your application through the instance provisioning call. Any further processing must be carried out by your application. Especially if parameters are used to impose restrictions on service usage, the application needs to ensure that the restrictions are met. For example, if you declare a MAX_FILE_NUMBER parameter that restricts the maximum number of files created by a user, the application needs to track the actual number and ensure that the maximum number is not exceeded.
CT-MG offers the following predefined parameters:

Parameter          Description

NAMED_USER         This parameter is used to restrict the maximum number of users per subscription. It is relevant for login and user access.

CONCURRENT_USER    This parameter is used to restrict the maximum number of concurrent users. It is relevant for login and user access.

PERIOD             This parameter is used to define the maximum lifetime of a subscription. As soon as this period has expired, the instances related to the subscription are deactivated. The parameter is relevant for all access types except external access.

Predefined parameters are controlled by CT-MG and can be set for any marketable service. No implementation effort is required from your side.
Attributes:
• id - ID of the parameter. The ID must be unique across the parameters of a technical service.

• valueType - Data type of the parameter: BOOLEAN, INTEGER, LONG, STRING, ENUMERATION.

• mandatory - Defines whether a value for the parameter must be set for a subscription. Can be set to true or false.

• configurable - Defines whether the parameter is visible to suppliers. Can be set to true or false. If set to false, only you can see and modify the parameter. If set to true, the supplier can define whether to provide this parameter with different options to customers. Only if the supplier defines the parameter as configurable for his customers can he define a price for it and can the customer choose an option when subscribing to the service. Irrespective of any setting, the parameter will be sent to the service during the provisioning.


• modificationType - Defines whether the parameter can be set only at the time a customer subscribes to a service (one-time parameter), or whether it can be set or modified when updating a subscription (standard parameter). Can be set to ONE_TIME or STANDARD. If set to ONE_TIME or left empty, parameter options cannot be changed once a subscription to the marketable service based on this technical service has been created. If a customer upgrades to a service with a parameter with the modificationType set to ONE_TIME, the parameter options defined by the customer during the initial subscription apply.
If set to STANDARD, the parameter options can be changed when a subscription to the marketable service based on this technical service is updated. Irrespective of any setting, the parameter will be sent to the service during the provisioning.

• default - Defines the default value for the parameter. Values for the data types INTEGER, LONG, and BOOLEAN are evaluated by native Java mechanisms. For boolean values, this means, for example, that all values except true or TRUE are converted to false.

• minValue - For parameters of type INTEGER and LONG, defines the minimum value for the parameter.

• maxValue - For parameters of type INTEGER and LONG, defines the maximum value for the parameter.

• Options - For parameters of type ENUMERATION, declares the possible options that can be passed to the application for this parameter during instance provisioning. The Options element contains various Option elements that have the following attributes:
• id - ID of the option. The ID must be unique across the options of a parameter.
• LocalizedOption - Contains a description of the option's purpose in the language specified by the locale attribute. Can be specified in multiple languages.

Example:

<ParameterDefinition configurable="true" default="2"
  id="MEMORY_STORAGE" mandatory="false" valueType="ENUMERATION">
  <Options>
    <Option id="1">
      <LocalizedOption locale="en">Minimum space (1GB)</LocalizedOption>
    </Option>
    <Option id="2">
      <LocalizedOption locale="en">Medium space (2GB)</LocalizedOption>
    </Option>
    <Option id="3">
      <LocalizedOption locale="en">Maximum space (4GB)</LocalizedOption>
    </Option>
  </Options>
</ParameterDefinition>

<ParameterDefinition configurable="true" modificationType="STANDARD"
  default="200" id="MAX_FOLDER_NUMBER2" mandatory="true"
  maxValue="500" minValue="12" valueType="INTEGER">
  <LocalizedDescription locale="en">Number of folders that can be created.</LocalizedDescription>
</ParameterDefinition>
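The guide leaves the enforcement of declared parameters to the application. The following added example (not part of the original guide or of CT-MG) checks the values of one provisioning call against the two ParameterDefinition examples above and enforces the folder limit; receiving the parameters as a dict of ID to string, the wrapping root element, and all function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed wrapper around the guide's two ParameterDefinition examples
# (localized texts left out, Option elements reduced to their IDs).
DEFINITION = """<TechnicalService id="SampleService">
  <ParameterDefinition configurable="true" default="2" id="MEMORY_STORAGE"
      mandatory="false" valueType="ENUMERATION">
    <Options><Option id="1"/><Option id="2"/><Option id="3"/></Options>
  </ParameterDefinition>
  <ParameterDefinition configurable="true" modificationType="STANDARD"
      default="200" id="MAX_FOLDER_NUMBER2" mandatory="true"
      maxValue="500" minValue="12" valueType="INTEGER"/>
</TechnicalService>"""

# Value ranges of the Java types behind INTEGER and LONG.
RANGES = {"INTEGER": (-2**31, 2**31 - 1), "LONG": (-2**63, 2**63 - 1)}


def load_definitions(xml_text):
    """Map parameter ID -> ParameterDefinition element; IDs must be unique."""
    defs = {}
    for pd in ET.fromstring(xml_text).iter("ParameterDefinition"):
        if pd.get("id") in defs:
            raise ValueError(f"duplicate parameter id {pd.get('id')!r}")
        defs[pd.get("id")] = pd
    return defs


def check_value(pd, raw):
    """Return the typed value of one parameter or raise ValueError."""
    pid, vtype = pd.get("id"), pd.get("valueType")
    if vtype == "BOOLEAN":
        # Java's Boolean.parseBoolean: anything but "true" (any case) is false.
        return raw.lower() == "true"
    if vtype in RANGES:
        if not re.fullmatch(r"[+-]?[0-9]+", raw):
            raise ValueError(f"{pid}: {raw!r} is not a number")
        low, high = RANGES[vtype]
        low = max(low, int(pd.get("minValue", low)))
        high = min(high, int(pd.get("maxValue", high)))
        if not low <= int(raw) <= high:
            raise ValueError(f"{pid}: {raw} outside [{low}, {high}]")
        return int(raw)
    if vtype == "ENUMERATION":
        if raw not in {opt.get("id") for opt in pd.iter("Option")}:
            raise ValueError(f"{pid}: unknown option {raw!r}")
    return raw


def validate_provisioning(defs, received):
    """Check the parameters of one provisioning call; return (values, errors)."""
    values, errors = {}, []
    for pid, pd in defs.items():
        raw = received.get(pid)
        if raw is None or raw == "":
            if pd.get("mandatory") == "true":
                errors.append(f"{pid}: mandatory parameter missing")
            continue
        try:
            values[pid] = check_value(pd, raw)
        except ValueError as exc:
            errors.append(str(exc))
    return values, sorted(errors)


def may_create_folder(values, current_count):
    """The application itself tracks usage and enforces the declared limit."""
    return current_count < values["MAX_FOLDER_NUMBER2"]
```
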

Event
Declares an event type. The application can notify CT-MG about its occurrence. Only required if you implemented the notification of events. For details, refer to Integrating with CT-MG Event Management on page 23.
Attribute:
id - ID of the event. The ID must be unique across the events of a technical service.
Example:

<Event id="FILE_DOWNLOAD">
  <LocalizedDescription locale="en">File Download</LocalizedDescription>
</Event>

Role
Declares a service role. Service roles provide different types of access to the underlying application. Each service role can be mapped to corresponding access rights or privileges in the application.
Attribute:
id - ID of the service role. The ID must be unique across the service roles of a technical service.
Example:

<Role id="ADMIN">
  <LocalizedName locale="en">Administrator</LocalizedName>
  <LocalizedDescription locale="en">Administrators have full access to all data entities and can execute administrative tasks such as role assignments and user creation.</LocalizedDescription>
</Role>

<Role id="GUEST">
  <LocalizedName locale="en">Guest</LocalizedName>
  <LocalizedDescription locale="en">Guests only have limited read access.</LocalizedDescription>
</Role>

Operation
Declares an operation that can be executed on a technical service.
You may wish that your technical service offers additional operations or functions that are to be accessible via the CT-MG user interface. In a SaaS environment, applications are not installed locally but provisioned as services. Therefore, users cannot access the system resources the applications are using, for example, to perform administrative tasks such as system backup or shutdown. Technical service operations can be used to access the resources of an application and perform administrative tasks without actually opening the application.
To provide for technical service operations, a Web service based on the operation service API must be implemented. Refer to the Developer's Guide for details.
Attributes:
• id - ID of the operation. The ID must be unique across the operations of a technical service.

• actionURL - URL of the WSDL document defining the implemented operation service.
The server and port to be used must match the ones where the provisioning service of the application is running. Be aware that for asynchronous provisioning, you need to use the HTTPS protocol. In addition, for ensuring correct communication between CT-MG and APP, certificates must have been exchanged, and the server given in the actionURL attribute must be specified as the host name whose certificate has been registered. Refer to the APP documentation for details on certificate handling.

• OperationParameter - For every operation, declares the possible parameters and their values that can be passed to the operation during service provisioning. The OperationParameter element has the following attributes:
• id - ID of the parameter. The ID must be unique across the operation parameters.
• mandatory - Defines whether a value for the operation parameter must be specified. Can be set to true or false.
• type - Defines whether the value for the operation parameter is retrieved from the technical service or from a text string. Can be set to REQUEST_SELECT (users can select from a list of options retrieved from the technical service) or INPUT_STRING (users can enter a text string for further information).
• LocalizedName - Contains the name of the parameter in the language specified by the locale attribute. Can be specified in multiple languages.

Example:

<Operation id="SNAPSHOT"
  actionURL="https://myserver:8091/OperationService/AsynchronousOperationProxy?wsdl">
  <LocalizedName locale="en">Create snapshot</LocalizedName>
  <LocalizedDescription locale="en">Creates a snapshot of the system.</LocalizedDescription>
  <OperationParameter id="SERVER" mandatory="true" type="REQUEST_SELECT">
    <LocalizedName locale="en">Server</LocalizedName>
  </OperationParameter>
  <OperationParameter id="COMMENT" mandatory="false" type="INPUT_STRING">
    <LocalizedName locale="en">Comment</LocalizedName>
  </OperationParameter>
</Operation>
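The rules stated in this appendix for accessType, baseUrl, loginPath and actionURL can be checked before a definition is imported. The following added example (not code from the guide or from CT-MG) lints one TechnicalService element; the function names, the constructed sample definitions, applying the domain-name rules to each dot-separated label, and ASYNCHRONOUS as the provisioningType value for asynchronous provisioning are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ACCESS_TYPES = {"DIRECT", "LOGIN", "USER", "EXTERNAL"}
# One label of a domain name: starts with a letter, ends with a letter or
# number, contains letters, numbers or hyphens only, at most 63 characters.
LABEL = re.compile(r"[A-Za-z](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

# Constructed sample definitions, reduced to the attributes that are checked.
GOOD = """<TechnicalService accessType="LOGIN" id="SampleService"
    baseUrl="https://myserver:7777/myservice" loginPath="/login"
    provisioningType="ASYNCHRONOUS"
    provisioningUrl="https://myserver:8090/MyProvisioningService?wsdl">
  <Operation id="SNAPSHOT" actionURL="https://myserver:8090/OperationService?wsdl"/>
</TechnicalService>"""
BAD = """<TechnicalService accessType="LOGIN" id="SampleService"
    baseUrl="http://my_server:7777/myservice" loginPath="login"
    provisioningType="ASYNCHRONOUS"
    provisioningUrl="https://myserver:8090/MyProvisioningService?wsdl">
  <Operation id="SNAPSHOT" actionURL="http://myserver:8091/OperationService?wsdl"/>
</TechnicalService>"""


def host_findings(attr, url):
    """Check the host part of a URL against the domain-name rules."""
    host = urlsplit(url).hostname
    if not host:
        return [f"{attr}: no host name in {url!r}"]
    return [f"{attr}: invalid domain label {label!r}"
            for label in host.split(".") if not LABEL.fullmatch(label)]


def lint_technical_service(xml_text):
    """Return the list of rule violations for one TechnicalService element."""
    svc = ET.fromstring(xml_text)
    findings = []
    access = svc.get("accessType")
    base, login = svc.get("baseUrl"), svc.get("loginPath")
    if access not in ACCESS_TYPES:
        findings.append(f"accessType: {access!r} is not a valid access type")
    if access in ("LOGIN", "EXTERNAL") and not base:
        findings.append(f"baseUrl: required for access type {access}")
    if access == "LOGIN" and not login:
        findings.append("loginPath: required for access type LOGIN")
    if login and not login.startswith("/"):
        findings.append("loginPath: must be relative to baseUrl and start with /")
    if base:
        findings += host_findings("baseUrl", base)
    prov = urlsplit(svc.get("provisioningUrl", ""))
    is_async = svc.get("provisioningType") == "ASYNCHRONOUS"  # assumed value
    for op in svc.iter("Operation"):
        name = f"Operation {op.get('id')}"
        url = op.get("actionURL", "")
        action = urlsplit(url)
        if is_async and action.scheme != "https":
            findings.append(f"{name}: actionURL must use HTTPS")
        if (action.hostname, action.port) != (prov.hostname, prov.port):
            findings.append(f"{name}: actionURL server/port differ from provisioningUrl")
        findings += host_findings(f"{name} actionURL", url)
    return findings
```
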


Glossary


Administrator
A privileged user role within an organization with the permission to manage the organization's account and subscriptions as well as its users and their roles. Each organization has at least one administrator.

Application
Software, including procedures and documentation, which performs productive tasks for users.

Broker
An organization which supports suppliers in establishing relationships to customers by offering the suppliers' services on a marketplace, as well as a privileged user role within such an organization.

Cloud
A metaphor for the Internet and an abstraction of the underlying infrastructure it conceals.

Cloud Computing
The provisioning of dynamically scalable and often virtualized resources as a service over the Internet on a utility basis.

Customer
An organization which subscribes to one or more marketable services in CT-MG in order to use the underlying applications in the Cloud.

Infrastructure as a Service (IaaS)
The delivery of computer infrastructure (typically a platform virtualization environment) as a service.

Marketable Service
A service offering to customers in CT-MG, based on a technical service. A marketable service defines prices, conditions, and restrictions for using the underlying application.

Marketplace
A virtual platform for suppliers, brokers, and resellers in CT-MG to provide their services to customers.

Marketplace Owner
An organization which holds a marketplace in CT-MG, where one or more suppliers, brokers, or resellers can offer their marketable services.

Marketplace Manager
A privileged user role within a marketplace owner organization.


Operator
An organization or person responsible for maintaining and operating CT-MG.

Organization
An organization typically represents a company, but it may also stand for a department of a company or a single person. An organization has a unique account and ID, and is assigned one or more of the following roles: technology provider, supplier, customer, broker, reseller, marketplace owner, operator.

Payment Service Provider (PSP)
A company that offers suppliers or resellers online services for accepting electronic payments by a variety of payment methods including credit card or bank-based payments such as direct debit or bank transfer. Suppliers and resellers can use the services of a PSP for the creation of invoices and payment collection.

Payment Type
A specification of how a customer may pay for the usage of his subscriptions. The operator defines the payment types available in CT-MG; the supplier or reseller determines which payment types are offered to his customers, for example payment on receipt of invoice, direct debit, or credit card.

Platform as a Service (PaaS)
The delivery of a computing platform and solution stack as a service.

Price Model
A specification for a marketable service defining whether and how much customers subscribing to the service will be charged for the subscription as such, each user assigned to the subscription, specific events, or parameters and their options.

Reseller
An organization which offers services defined by suppliers to customers applying its own terms and conditions, as well as a privileged user role within such an organization.

Role
A collection of authorities that control which actions can be carried out by an organization or user to whom the role is assigned.

Seller
Collective term for supplier, broker, and reseller organizations.

Service
Generally, a discretely defined set of contiguous or autonomous business or technical functionality, for example an infrastructure or Web service. CT-MG distinguishes between technical services and marketable services, and uses the term "service" as a synonym for "marketable service".


Service Manager
A privileged user role within a supplier organization.

Standard User
A non-privileged user role within an organization.

Software as a Service (SaaS)
A model of software deployment where a provider licenses an application to customers for use as a service on demand.

Subscription
An agreement registered by a customer for a marketable service in CT-MG. By subscribing to a service, the customer is given access to the underlying application under the conditions defined in the marketable service.

Subscription Manager
A privileged user role within an organization with the permission to create and manage his own subscriptions.

Supplier
An organization which defines marketable services in CT-MG for offering applications provisioned by technology providers to customers.

Technical Service
The representation of an application in CT-MG. A technical service describes parameters and interfaces of the underlying application and is the basis for one or more marketable services.

Technology Manager
A privileged user role within a technology provider organization.

Technology Provider
An organization which provisions applications as technical services in CT-MG.

User Group
A set of one or more users representing, for example, a department in a company, an individual project, or a single person. Groups provide a means to restrict the visibility of services on a marketplace.

